
Help Please - google search redirecting


Cass2010

I've been trying for 2 days to get rid of this problem and nothing is working. I have Avast and Malwarebytes and CCleaner and nothing will get rid of it. I do a Google search and it takes me to Google, and when I click the site I like it redirects me to other affiliate sites. This post had some screenshots of the exact same problem - http://forums.malwarebytes.org/index.php?showtopic=73999&st=0&p=393400&hl=help%20with%20google%20redirect&fromsearch=1entry393400 . Please help me before I go insane. I know Borislav? helped someone with the same problem but it said that information was just for that thread only..

Please please please..

Thanks,

Cass


Hello Cass! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Download DDS and save it to your desktop from here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Hi Maniac, here are both of the logs..

Thanks a lot for helping me ;-)

DDS (Ver_10-12-12.02) - NTFSx86

Run by Jim at 3:56:52.27 on Sun 02/27/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.100 [GMT -8:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\TrueAssistant\TrueAssistant.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\EZ17429N\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us

uSearch Bar = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=yahoo_v.1_ie&bm=yh_search

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\jim\local settings\application data\google\update\GoogleUpdate.exe" /c

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://pbskids.org/arthur/games/artstudio/paint.html"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16

mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"

mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\jim\startm~1\programs\startup\trueas~1.lnk - c:\program files\trueassistant\TrueAssistant.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab

DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} - hxxp://host-d.oddcast.com/hostClientIE.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 82.98.231.89 url.adtrgt.com

Hosts: 82.98.231.89 googleads2.gdoubleclick.net

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jim\applic~1\mozilla\firefox\profiles\ymdty76c.default\

FF - prefs.js: browser.startup.homepage - hxxp://start.verizon.net/

FF - plugin: c:\program files\ksolo\npAVX.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-6-3 15172]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-22 294608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-22 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-22 40384]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]

S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]

S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [2006-6-27 508304]

=============== Created Last 30 ================

2011-02-26 22:42:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan

2011-02-26 22:42:15 -------- d-----w- c:\program files\Security Task Manager

2011-02-23 01:35:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-23 01:34:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-23 01:34:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-22 23:55:55 -------- d-----w- c:\program files\CCleaner

2011-02-22 22:35:03 38848 ----a-w- c:\windows\avastSS.scr

2011-02-22 22:34:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2011-01-30 22:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-01-30 22:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-12-16 19:37:54 72080 ----a-w- c:\documents and settings\jim\g2mdlhlpx.exe

2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: SAMSUNG_HD160JJ/P rev.ZM100-34 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82F83555]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82f897b0]; MOV EAX, [0x82f8982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x82F5C030]

3 CLASSPNP[0xF85B5FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x82F1C780]

\Driver\atapi[0x82FCE030] -> IRP_MJ_CREATE -> 0x82F83555

kernel: MBR read successfully

_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }

detected disk devices:

\Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskSAMSUNG_HD160JJ#P_______________________ZM100-34#5&f85c66f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x82F8339B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

============= FINISH: 3:59:52.29 ===============

Attach TXT

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 6/5/2006 7:59:17 PM

System Uptime: 2/26/2011 8:42:52 AM (19 hours ago)

Motherboard: Dell Inc. | | 0JC474

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 107 GiB total, 29.352 GiB free.

D: is FIXED (NTFS) - 37 GiB total, 0.241 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================



I really can't answer you. If you want, we'll take care of your thread when we finish.

Now:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip; choose it.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

In your next reply, please post the following logs:

  1. TDSSKiller log
  2. a new fresh DDS log only


Hi Borislav, here is the new DDS log and TDSSKiller log :-)

Your directions are awesome so far and very easy to follow. :-)

Cass

DDS log

DDS (Ver_10-12-12.02) - NTFSx86

Run by Jim at 16:14:56.82 on Sun 02/27/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.172 [GMT -8:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\ehome\ehtray.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\TrueAssistant\TrueAssistant.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Common Files\Microsoft Shared\office12\offlb.exe

C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\EZ17429N\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us

uSearch Bar = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=yahoo_v.1_ie&bm=yh_search

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll

TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\jim\local settings\application data\google\update\GoogleUpdate.exe" /c

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://pbskids.org/arthur/games/artstudio/paint.html"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16

mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"

mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\jim\startm~1\programs\startup\trueas~1.lnk - c:\program files\trueassistant\TrueAssistant.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab

DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} - hxxp://host-d.oddcast.com/hostClientIE.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 82.98.231.89 url.adtrgt.com

Hosts: 82.98.231.89 googleads2.gdoubleclick.net

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jim\applic~1\mozilla\firefox\profiles\ymdty76c.default\

FF - prefs.js: browser.startup.homepage - hxxp://start.verizon.net/

FF - plugin: c:\program files\ksolo\npAVX.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-6-3 15172]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-22 294608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-22 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-22 40384]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]

S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]

S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [2006-6-27 508304]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 136176]

=============== Created Last 30 ================

2011-02-27 22:46:24 -------- d-----w- c:\program files\Drop Down Deals

2011-02-27 22:46:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer

2011-02-26 22:42:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan

2011-02-26 22:42:15 -------- d-----w- c:\program files\Security Task Manager

2011-02-23 01:35:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-23 01:34:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-23 01:34:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-22 23:55:55 -------- d-----w- c:\program files\CCleaner

2011-02-22 22:35:03 38848 ----a-w- c:\windows\avastSS.scr

2011-02-22 22:34:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2011-01-30 22:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-01-30 22:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-12-16 19:37:54 72080 ----a-w- c:\documents and settings\jim\g2mdlhlpx.exe

2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 16:16:29.79 ===============

TDSSKiller log

2011/02/27 16:07:40.0437 3736 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08

2011/02/27 16:07:41.0937 3736 ================================================================================

2011/02/27 16:07:41.0937 3736 SystemInfo:

2011/02/27 16:07:41.0937 3736

2011/02/27 16:07:41.0937 3736 OS Version: 5.1.2600 ServicePack: 3.0

2011/02/27 16:07:41.0937 3736 Product type: Workstation

2011/02/27 16:07:41.0937 3736 ComputerName: FAMILY_DESKTOP

2011/02/27 16:07:41.0937 3736 UserName: Jim

2011/02/27 16:07:41.0937 3736 Windows directory: C:\WINDOWS

2011/02/27 16:07:41.0937 3736 System windows directory: C:\WINDOWS

2011/02/27 16:07:41.0937 3736 Processor architecture: Intel x86

2011/02/27 16:07:41.0937 3736 Number of processors: 2

2011/02/27 16:07:41.0937 3736 Page size: 0x1000

2011/02/27 16:07:41.0937 3736 Boot type: Normal boot

2011/02/27 16:07:41.0937 3736 ================================================================================

2011/02/27 16:07:45.0093 3736 Initialize success

2011/02/27 16:07:50.0437 2068 ================================================================================

2011/02/27 16:07:50.0437 2068 Scan started

2011/02/27 16:07:50.0437 2068 Mode: Manual;

2011/02/27 16:07:50.0437 2068 ================================================================================

2011/02/27 16:08:03.0968 2068 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/02/27 16:08:03.0968 2068 ================================================================================

2011/02/27 16:08:03.0968 2068 Scan finished

2011/02/27 16:08:03.0968 2068 ================================================================================

2011/02/27 16:08:03.0984 2660 Detected object count: 1

2011/02/27 16:08:20.0234 2660 \HardDisk0 - will be cured after reboot

2011/02/27 16:08:20.0234 2660 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/02/27 16:08:28.0640 3416 Deinitialize success


Step 1

You have some leftovers from the older antivirus - AVG. Use their own uninstaller to clean the leftovers:

http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1184.exe

Step 2

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 3

  • Launch Malwarebytes' Anti-Malware.
  • Go to the Update tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please post the following logs:

  1. Malwarebytes' Anti-Malware log
  2. a fresh DDS log only


Hi Borislav,

I followed step 1 and used the AVG uninstaller to get that out, so if it worked the AVG remnants should be gone.

I followed step 2 and in Add/Remove Programs I found Viewpoint Media Player and removed it, so that should also be gone. I followed step 3 and the Malwarebytes report is below. Also below, please find the new DDS report. :-)

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5900

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2/28/2011 1:15:04 AM

mbam-log-2011-02-28 (01-15-04).txt

Scan type: Quick scan

Objects scanned: 196312

Time elapsed: 16 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\Temp\964800 (PUP.BHO) -> Quarantined and deleted successfully.

New DDS log

DDS (Ver_10-12-12.02) - NTFSx86

Run by Jim at 1:21:02.95 on Mon 02/28/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.64 [GMT -8:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\TrueAssistant\TrueAssistant.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\QFJA5EZV\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us

uSearch Bar = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=yahoo_v.1_ie&bm=yh_search

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\jim\local settings\application data\google\update\GoogleUpdate.exe" /c

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://pbskids.org/arthur/games/artstudio/paint.html"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16

mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"

mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\jim\startm~1\programs\startup\trueas~1.lnk - c:\program files\trueassistant\TrueAssistant.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab

DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} - hxxp://host-d.oddcast.com/hostClientIE.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 82.98.231.89 url.adtrgt.com

Hosts: 82.98.231.89 googleads2.gdoubleclick.net

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jim\applic~1\mozilla\firefox\profiles\ymdty76c.default\

FF - prefs.js: browser.startup.homepage - hxxp://start.verizon.net/

FF - plugin: c:\program files\ksolo\npAVX.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-6-3 15172]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-22 294608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-22 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-22 40384]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-2-22 38224]

S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [2006-6-27 508304]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 136176]

=============== Created Last 30 ================

2011-02-27 22:46:24 -------- d-----w- c:\program files\Drop Down Deals

2011-02-27 22:46:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer

2011-02-26 22:42:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan

2011-02-26 22:42:15 -------- d-----w- c:\program files\Security Task Manager

2011-02-23 01:35:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-23 01:34:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-23 01:34:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-22 23:55:55 -------- d-----w- c:\program files\CCleaner

2011-02-22 22:35:03 38848 ----a-w- c:\windows\avastSS.scr

2011-02-22 22:34:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2011-01-30 22:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-01-30 22:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-12-16 19:37:54 72080 ----a-w- c:\documents and settings\jim\g2mdlhlpx.exe

============= FINISH: 1:23:50.84 ===============

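The two `Hosts:` lines in the DDS log above (ad-network names pinned to 82.98.231.89 instead of loopback) and the BHO/toolbar registrations marked "No File" are exactly what a helper scans for by eye when diagnosing search redirects. Below is an added example, not part of this thread and not code from DDS, Malwarebytes or ComboFix, that performs the same triage over DDS report lines and over a raw Windows hosts file (normally C:\WINDOWS\system32\drivers\etc\hosts). The sample input is constructed from lines of the log above plus a benign loopback entry; the names `Finding`, `triage_dds` and `hosts_overrides` are chosen here. A non-loopback hosts entry is a triage signal, not proof of infection: administrators do pin intranet names this way, so each hit should be confirmed by hand.

```python
"""Triage helper for DDS "Pseudo HJT Report" lines and raw hosts files.

Added example, not from the thread or any Malwarebytes tool. It flags
hosts-file entries that resolve a name to a non-loopback address (the
mechanism that can send ad or search domains to a server of someone
else's choosing) and BHO/toolbar registrations whose DLL is gone.
"""
import re
from dataclasses import dataclass

# Addresses a hosts file legitimately maps names to; anything else is an override.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# DDS prints hosts-file entries as "Hosts: <ip> <name>".
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)\s*$")
# DDS prints add-ons as "BHO: <name>: {CLSID} - <dll>" or "BHO: {CLSID} - No File".
ADDON_RE = re.compile(
    r"^(BHO|TB):\s+(?:(.+?):\s+)?\{([0-9A-Fa-f-]{36})\}\s+-\s+(.+?)\s*$"
)

# Constructed sample: lines taken from the DDS log above, plus one benign
# loopback entry added for contrast.
SAMPLE_DDS = r"""BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
Hosts: 127.0.0.1 localhost
Hosts: 82.98.231.89 url.adtrgt.com
Hosts: 82.98.231.89 googleads2.gdoubleclick.net
"""

# Constructed sample of a raw hosts file carrying the same two overrides.
SAMPLE_HOSTS = """# constructed sample of C:\\WINDOWS\\system32\\drivers\\etc\\hosts
127.0.0.1       localhost
82.98.231.89    url.adtrgt.com
82.98.231.89    googleads2.gdoubleclick.net   # resembles a real ad-serving name
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # "hosts-override" or "orphan-addon"
    subject: str  # hostname or CLSID
    detail: str


def triage_dds(text: str) -> list:
    """Scan DDS report lines and return findings in the order they appear."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            if ip not in LOOPBACK:
                findings.append(Finding("hosts-override", name.lower(),
                                        f"{name} is pinned to {ip} by the hosts file"))
            continue
        m = ADDON_RE.match(line)
        if m:
            kind, name, clsid, target = m.groups()
            if target.lower() == "no file":
                findings.append(Finding("orphan-addon", "{" + clsid.upper() + "}",
                                        f"{kind} {name or '(unnamed)'} has no backing DLL"))
    return findings


def hosts_overrides(hosts_text: str) -> list:
    """Parse a raw hosts file; return (name, ip) for every non-loopback mapping."""
    overrides = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        if ip in LOOPBACK:
            continue
        overrides.extend((n.lower(), ip) for n in names)
    return overrides


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
    for name, ip in hosts_overrides(SAMPLE_HOSTS):
        print(f"[hosts-file] {name} -> {ip}")
```

Run against the sample it reports the three orphaned add-on registrations and the two hosts overrides; on a live machine you would feed `hosts_overrides` the contents of the real hosts file and compare any hit against what the name should resolve to from a clean DNS resolver.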

**Note: If you need more detailed information, please visit the ComboFix web page at BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:
     [screenshots shown here: CF_download_FF.gif, CF_download_rename.gif]
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    ----------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Hi Borislav, it took me a real long time today. It kept saying that there was an AVG scanner on, but I did search after search of my computer and I couldn't find it to disable it or delete it. The Combo-Fix just ran and I've included the report as you requested.

I'm ready for the next step. :-)

C:\Combo-Fix.txt

ComboFix 11-02-28.03 - Jim 02/28/2011 23:56:51.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.31 [GMT -8:00]

Running from: c:\documents and settings\Jim\Desktop\Malware fix\Combo-Fix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\Jim\g2mdlhlpx.exe

c:\documents and settings\Jim\GoToAssistDownloadHelper.exe

c:\windows\a3kebook.ini

c:\windows\akebook.ini

c:\windows\ANS2000.INI

c:\windows\Downloaded Program Files\CpnMgr.dll

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf

c:\windows\jestertb.dll

c:\windows\MailSwitch.ocx

c:\windows\system32\Ijl11.dll

c:\windows\system32\service\03122009_TIS17_SfFniAU.log

c:\windows\system32\service\06092010_TIS17_SfFniAU.log

c:\windows\system32\service\08092009_TIS17_SfFniAU.log

c:\windows\system32\service\11102009_TIS17_SfFniAU.log

c:\windows\system32\service\17012011_TIS17_SfFniAU.log

c:\windows\system32\service\18052010_TIS17_SfFniAU.log

c:\windows\system32\service\18092009_TIS17_SfFniAU.log

c:\windows\system32\service\19022010_TIS17_SfFniAU.log

c:\windows\system32\service\20082010_TIS17_SfFniAU.log

c:\windows\system32\service\21052010_TIS17_SfFniAU.log

c:\windows\system32\service\21092009_TIS17_SfFniAU.log

c:\windows\system32\service\24022010_TIS17_SfFniAU.log

c:\windows\system32\service\27102009_TIS17_SfFniAU.log

c:\windows\system32\service\29042010_TIS17_SfFniAU.log

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

((((((((((((((((((((((((( Files Created from 2011-02-01 to 2011-03-01 )))))))))))))))))))))))))))))))

.

2011-03-01 07:00 . 2011-03-01 07:09 -------- d-----w- C:\Combo-Fix

2011-02-27 22:46 . 2011-02-27 22:46 -------- d-----w- c:\program files\Drop Down Deals

2011-02-27 22:46 . 2011-02-27 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2011-02-26 22:42 . 2011-02-26 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2011-02-26 22:42 . 2011-02-26 22:42 -------- d-----w- c:\program files\Security Task Manager

2011-02-24 06:41 . 2011-02-24 06:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-02-24 06:40 . 2011-02-24 06:40 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-02-23 01:35 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-23 01:34 . 2011-02-23 01:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-23 01:34 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-22 23:55 . 2011-02-22 23:56 -------- d-----w- c:\program files\CCleaner

2011-02-22 22:36 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-02-22 22:36 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-02-22 22:36 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-02-22 22:36 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-02-22 22:36 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-02-22 22:36 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-02-22 22:36 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-02-22 22:35 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr

2011-02-22 22:35 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-22 22:34 . 2011-02-22 22:34 -------- d-----w- c:\program files\Alwil Software

2011-02-22 22:34 . 2011-02-22 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2011-02-22 06:42 . 2011-02-22 06:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-02-04 21:59 . 2011-02-04 22:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

2011-01-30 22:57 . 2011-01-30 22:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-01-30 22:57 . 2011-01-30 22:57 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-21 14:44 . 2005-08-16 09:18 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2005-08-16 09:18 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2005-08-16 09:18 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2005-08-16 09:18 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:59 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:26 . 2005-08-16 09:18 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15 . 2005-08-16 09:18 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30 . 2005-08-16 09:18 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42 . 2005-08-16 09:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07 . 2004-08-04 03:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-02-17 20:49 191488 ------w- c:\program files\Drop Down Deals\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-03 39408]

"Google Update"="c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-15 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]

"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [bU]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-25 274608]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Jim\Start Menu\Programs\Startup\

TrueAssistant.lnk - c:\program files\TrueAssistant\TrueAssistant.exe [2005-4-2 372224]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-30 24576]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

avgrsstx.dll [bU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MediaChecker.lnk

backup=c:\windows\pss\MediaChecker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk

backup=c:\windows\pss\MySoftware NewsFlash.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]

path=c:\documents and settings\Jim\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk

backup=c:\windows\pss\Greetings Workshop Reminders.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 22:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BarbieGirlsTray]

2007-03-15 02:59 24576 ----a-w- c:\program files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 16:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-03-15 05:14 133104 ----atw- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-01-19 00:07 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2005-01-19 00:47 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-01-19 00:37 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]

2007-12-21 16:31 791392 ----a-w- c:\program files\HOTALBUMMyBOX\MBBalloon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

2005-08-12 23:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-01-03 05:15 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Documents and Settings\\Jim\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Jim\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [6/3/2009 10:05 PM 15172]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/22/2011 2:36 PM 294608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/22/2011 2:36 PM 17744]

S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [6/27/2006 8:57 AM 508304]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2011 5:49 PM 136176]

.

Contents of the 'Scheduled Tasks' folder

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 01:49]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 01:49]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3278007746-377470116-2607347890-1005Core.job

- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-15 05:14]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3278007746-377470116-2607347890-1005UA.job

- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-15 05:14]

2011-03-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3278007746-377470116-2607347890-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

2011-03-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3278007746-377470116-2607347890-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

2011-03-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3278007746-377470116-2607347890-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

2011-03-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3278007746-377470116-2607347890-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

2011-02-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3278007746-377470116-2607347890-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

2011-02-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3278007746-377470116-2607347890-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\ymdty76c.default\

FF - prefs.js: browser.startup.homepage - hxxp://start.verizon.net/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe

AddRemove-Homestead Professional - c:\program files\Homestead\Homestead Professional\hkuninst.exe

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-01 00:11

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(576)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~3\wmpband.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-03-01 00:19:07

ComboFix-quarantined-files.txt 2011-03-01 08:18

Pre-Run: 31,614,603,264 bytes free

Post-Run: 31,555,284,992 bytes free

- - End Of File - - AC8E03A5B69FE9A26D7311AA53C093EA


Yes, there are some leftovers in your system from AVG. I'll take care of them! :)

Open Notepad and copy and paste the text in the code box below into it:

SecCenter::
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Folder::
c:\program files\Drop Down Deals

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


Hey Borislav, I copied the text to my desktop, then grabbed and dragged it into the Combo-fix, and here is the report.

I'll be at work and won't have access for a few hours but will check back in.

Thanks,

Cass

ComboFix 11-02-28.07 - Jim 03/01/2011 8:51.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.231 [GMT -8:00]

Running from: c:\documents and settings\Jim\Desktop\Malware fix\Combo-Fix.exe

Command switches used :: c:\documents and settings\Jim\Desktop\Malware fix\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Drop Down Deals

c:\program files\Drop Down Deals\YontooIEClient.dll

.

((((((((((((((((((((((((( Files Created from 2011-02-01 to 2011-03-01 )))))))))))))))))))))))))))))))

.

2011-03-01 07:00 . 2011-03-01 07:09 -------- d-----w- C:\Combo-Fix

2011-02-27 22:46 . 2011-02-27 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2011-02-26 22:42 . 2011-02-26 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2011-02-26 22:42 . 2011-02-26 22:42 -------- d-----w- c:\program files\Security Task Manager

2011-02-24 06:41 . 2011-02-24 06:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-02-24 06:40 . 2011-02-24 06:40 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-02-23 01:35 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-23 01:34 . 2011-02-23 01:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-23 01:34 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-22 23:55 . 2011-02-22 23:56 -------- d-----w- c:\program files\CCleaner

2011-02-22 22:36 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-02-22 22:36 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-02-22 22:36 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-02-22 22:36 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-02-22 22:36 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-02-22 22:36 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-02-22 22:36 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-02-22 22:35 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr

2011-02-22 22:35 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-22 22:34 . 2011-02-22 22:34 -------- d-----w- c:\program files\Alwil Software

2011-02-22 22:34 . 2011-02-22 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2011-02-22 06:42 . 2011-02-22 06:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-02-04 21:59 . 2011-02-04 22:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

2011-01-30 22:57 . 2011-01-30 22:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-01-30 22:57 . 2011-01-30 22:57 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-21 14:44 . 2005-08-16 09:18 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2005-08-16 09:18 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2005-08-16 09:18 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2005-08-16 09:18 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:59 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:26 . 2005-08-16 09:18 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15 . 2005-08-16 09:18 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30 . 2005-08-16 09:18 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42 . 2005-08-16 09:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07 . 2004-08-04 03:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-03 39408]

"Google Update"="c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-15 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]

"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [bU]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-25 274608]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Jim\Start Menu\Programs\Startup\

TrueAssistant.lnk - c:\program files\TrueAssistant\TrueAssistant.exe [2005-4-2 372224]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-30 24576]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MediaChecker.lnk

backup=c:\windows\pss\MediaChecker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk

backup=c:\windows\pss\MySoftware NewsFlash.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]

path=c:\documents and settings\Jim\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk

backup=c:\windows\pss\Greetings Workshop Reminders.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 22:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BarbieGirlsTray]

2007-03-15 02:59 24576 ----a-w- c:\program files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 16:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-03-15 05:14 133104 ----atw- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-01-19 00:07 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2005-01-19 00:47 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-01-19 00:37 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]

2007-12-21 16:31 791392 ----a-w- c:\program files\HOTALBUMMyBOX\MBBalloon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

2005-08-12 23:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-01-03 05:15 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Documents and Settings\\Jim\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Jim\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [6/3/2009 10:05 PM 15172]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/22/2011 2:36 PM 294608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/22/2011 2:36 PM 17744]

S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [6/27/2006 8:57 AM 508304]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2011 5:49 PM 136176]

.

Contents of the 'Scheduled Tasks' folder

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 01:49]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 01:49]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3278007746-377470116-2607347890-1005Core.job

- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-15 05:14]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3278007746-377470116-2607347890-1005UA.job

- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-15 05:14]

2011-03-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3278007746-377470116-2607347890-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

2011-03-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3278007746-377470116-2607347890-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

2011-03-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3278007746-377470116-2607347890-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

2011-03-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3278007746-377470116-2607347890-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

2011-02-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3278007746-377470116-2607347890-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

2011-02-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3278007746-377470116-2607347890-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\ymdty76c.default\

FF - prefs.js: browser.startup.homepage - hxxp://start.verizon.net/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-01 09:07

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2011-03-01 09:14:48

ComboFix-quarantined-files.txt 2011-03-01 17:14

ComboFix2.txt 2011-03-01 08:19

Pre-Run: 31,618,711,552 bytes free

Post-Run: 31,607,050,240 bytes free

- - End Of File - - E10871966E6F642E010FC557196B74BD


Hi Borislav,

Seems to be great, my friend; you're awesome and I'm so thankful for your help. I will definitely do a donation for you when I get paid. I've added you as a friend and would like to keep in touch. I visit Romania with my church sometimes and it's very close to Bulgaria... Are you really 17, man? I just looked at your profile and that's amazing, and you should be very proud of the knowledge you have so early in life. If you need a testimonial, let me know.

If you want to see what I do, go to myspace.com/loavesnfish or google "Cassidy singer songwriter" and I'll come up on the top of the page. If you are on Myspace, Facebook or linkedIn.com, do a friend request or connection and stay in touch. If you're not on those sites you should be, because you can make a lot of money with that exposure.

Facebook.com Jim James Cassidy (Cass)

Myspace.com/loavesnfish or myspace.com/augmented

LinkedIn.com James Jim Cassidy

Thanks again for all your help and I will keep in touch and don't forget to do a friend request to those sites.

Also if you have any advice to make my pc or laptop faster or how to get rid of some of the programs that slow down startup or any other overall pc or laptop good health ideas I would love your advice.

Thanks again,

Cass


I sent you a request on Facebook; I'm there anytime. :)

Thanks for your kind words! :)

Last steps for you, where you can find very useful information about your security. :)

Step 1

Go to Start => Run... and copy & paste the next command into the field:

ComboFix /uninstall

Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

Note: Make sure there's a space between ComboFix and /uninstall

Step 2

Please manually delete DDS and TDSSKiller.

Step 3

Keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)
